authordjm <djm@openbsd.org>2020-12-29 00:59:15 +0000
committerdjm <djm@openbsd.org>2020-12-29 00:59:15 +0000
commit3e284e193932549d9c2a2c539babca4338fff2f8 (patch)
tree07d13d22ce97b27a554a4137e036698734c7226c /usr.bin/ssh/ssh_api.c
parentFix an off-by-one error in the marking of the O_CH operator following (diff)
Update/replace the experimental post-quantum hybrid key exchange
method based on Streamlined NTRU Prime (coupled with X25519). The previous sntrup4591761x25519-sha512@tinyssh.org method is replaced with sntrup761x25519-sha512@openssh.com. Per the authors, sntrup4591761 was replaced almost two years ago by sntrup761. The sntrup761 implementation, like sntrup4591761 before it, is public domain code extracted from the SUPERCOP cryptography benchmark suite (https://bench.cr.yp.to/supercop.html). Thanks to Daniel J Bernstein for guidance on algorithm selection. Patch from Tobias Heider; feedback & ok markus@ and myself (note that both the updated method and the one that it replaced are disabled by default)
Diffstat (limited to 'usr.bin/ssh/ssh_api.c')
-rw-r--r--usr.bin/ssh/ssh_api.c6
1 files changed, 3 insertions, 3 deletions
diff --git a/usr.bin/ssh/ssh_api.c b/usr.bin/ssh/ssh_api.c
index 66ce1343123..3a4792a4ed7 100644
--- a/usr.bin/ssh/ssh_api.c
+++ b/usr.bin/ssh/ssh_api.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh_api.c,v 1.23 2020/12/04 02:29:56 djm Exp $ */
+/* $OpenBSD: ssh_api.c,v 1.24 2020/12/29 00:59:15 djm Exp $ */
/*
* Copyright (c) 2012 Markus Friedl. All rights reserved.
*
@@ -118,7 +118,7 @@ ssh_init(struct ssh **sshp, int is_server, struct kex_params *kex_params)
ssh->kex->kex[KEX_ECDH_SHA2] = kex_gen_server;
#endif /* WITH_OPENSSL */
ssh->kex->kex[KEX_C25519_SHA256] = kex_gen_server;
- ssh->kex->kex[KEX_KEM_SNTRUP4591761X25519_SHA512] = kex_gen_server;
+ ssh->kex->kex[KEX_KEM_SNTRUP761X25519_SHA512] = kex_gen_server;
ssh->kex->load_host_public_key=&_ssh_host_public_key;
ssh->kex->load_host_private_key=&_ssh_host_private_key;
ssh->kex->sign=&_ssh_host_key_sign;
@@ -134,7 +134,7 @@ ssh_init(struct ssh **sshp, int is_server, struct kex_params *kex_params)
ssh->kex->kex[KEX_ECDH_SHA2] = kex_gen_client;
#endif /* WITH_OPENSSL */
ssh->kex->kex[KEX_C25519_SHA256] = kex_gen_client;
- ssh->kex->kex[KEX_KEM_SNTRUP4591761X25519_SHA512] = kex_gen_client;
+ ssh->kex->kex[KEX_KEM_SNTRUP761X25519_SHA512] = kex_gen_client;
ssh->kex->verify_host_key =&_ssh_verify_host_key;
}
*sshp = ssh;